
GitHub public roadmap
Creative Commons Attribution 4.0 International

Code scanning: AI-powered autofixes for CodeQL C# alerts in PRs #957

Closed github-product-roadmap closed 2 months ago

github-product-roadmap commented 2 months ago

Summary

Code scanning will propose AI-generated fixes for CodeQL C# alerts in pull requests. These fixes help developers resolve alerts faster and prevent introducing new vulnerabilities into codebases.

Autofix is available to private GitHub enterprise repositories with GitHub Advanced Security enabled.

Intended Outcome

Users can fix security vulnerabilities faster with the help of code scanning AI-generated remediation suggestions, which offer a convenient one-click fix option. Additionally, the UX allows users to jump into an editing environment in order for developers to make any adjustments to the proposed fix. Read more about autofix in our announcement.

How will it work?

Following the CodeQL analysis, code scanning utilizes Copilot to suggest a fix for any new C# alerts where possible. These AI-generated remediation suggestions are then posted on the PR's 'Conversation' and 'Files Changed' tabs. Read more about fix generation in our transparency documentation.
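Autofix attaches to alerts that code scanning raises on the pull request itself, so the precondition is a CodeQL workflow that analyzes C# on `pull_request` events and uploads its results. The workflow below is an added example for this page, not configuration taken from the roadmap issue or from GitHub's own documentation; the `main` branch name, the `security-extended` query suite and reliance on `autobuild` are assumptions about a typical .NET repository.

```yaml
# Added example: minimal CodeQL workflow so C# alerts surface on PRs.
# Assumptions: default branch is "main", the project builds with the
# CodeQL autobuild step, and the "security-extended" suite is wanted.
name: "CodeQL (C#)"

on:
  push:
    branches: [ "main" ]
  pull_request:
    branches: [ "main" ]   # required: alerts must be raised on the PR

permissions:
  contents: read
  actions: read
  security-events: write   # needed to upload SARIF results to code scanning

jobs:
  analyze:
    name: Analyze C#
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v4

      - name: Initialize CodeQL
        uses: github/codeql-action/init@v3
        with:
          languages: csharp
          queries: security-extended   # assumption: broader suite than the default

      - name: Build
        uses: github/codeql-action/autobuild@v3   # assumption: autobuild works for this solution

      - name: Analyze and upload
        uses: github/codeql-action/analyze@v3
        with:
          category: "/language:csharp"
```

With this in place every pull request gets a CodeQL check, and any new C# alert the PR introduces is annotated in the Conversation and Files Changed tabs, which is where the Copilot-generated suggestion described above is attached. Treat the suggestion as a proposal to review, and use the editing path the comment mentions before accepting it. Note that the workflow does not enable GitHub Advanced Security; autofix is gated on that being turned on for the repository.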

ankneis commented 2 months ago

🚢 This has shipped: https://github.blog/changelog/2024-04-26-codeql-2-17-1-ai-powered-autofixes-for-c-new-ruby-queries-and-more-java-models/